Small businesses today do not know whether they should put their applications and data on the cloud. If they do, what are the possible cloud security risks?
The nature of the cloud computing is data sharing. Hence, the high risk of security should be when businesses want to apply the cloud computing to business models. According to the CSA, you should always be careful with the security. Because these services default to users ignoring the general corporate security policies and setting up their own employee accounts with the service. Therefore, enterprises may have to modify and add new security policies to suit the cloud.
The cloud environment also has the same security risks as ordinary enterprise networks. But as there is a lot of data stored on cloud servers, the provider becomes a good target for the bad guys. The risk depends on the sensitivity of the data. It is possible that the personal financial information is the most sensitive one. However, it may also be information about health, trade secrets, intellectual property … and they are also devastating.
When the incident occurs, the business is usually fined, or faced with charges. Surveys of data leakage and compensation for customers can leave your business the blank. Side effects that are less likely to cough may be brand damage, loss of partnerships, and disruption to business for years to come.
Data leakage and attack types are often aimed at obtaining login credentials, such as passwords, authentication keys, or other credentials. Businesses often find it difficult to manage user identities in order to identify the right people, when accessing data on the cloud. More importantly, businesses often forget to remove user access when they finish work, or end the project.
Multi-tier authentication systems, such as a new password, smartphone authentication, and smartcard protection are good for cloud services because they make it difficult for the bad guys to get data even when they are. Obtain the user password. The leak of Anthem Health Insurance Company in 2014 revealed more than 80 million customer logins. Anthem does not implement multi-step authentication so once the attacker gets the log data, everything is collapsing.
Many developers mistakenly embedded and encrypted code, and push the source onto popular code repositories like GitHub. These keys also need proper security, including public keys. CSA also believes that these keys need to be changed periodically so that an attacker cannot gain access.
Interface and API are attacked
The fact is that almost every cloud service or application has its own program interface. IT teams use these interfaces and APIs to manage and interact with cloud services, including functions such as managing, synchronizing, and monitoring the cloud data.
The security and availability of cloud services, from authentication, access control, to encryption, and activity monitoring, all depend on the security of the API. The higher the security risk becomes, the more likely it is that third parties will participate, and the business will find it hard to refuse the partner to collaborate on the cloud. Therefore, if the interface and API are poorly secured, it will reveal vulnerabilities related to the integrity, availability, security and reliability of the data.